Enable or Disable Jetty SSL Protocols / Ciphers

Modify the files below to enable or disable SSL protocols or ciphers in Jetty:

– etc/ssl-context.xml for open source Jetty

– conf/jetty-ssl.xml for a Maven-embedded Jetty

Exclude Ciphers

<Set name="ExcludeCipherSuites">
	<Array type="String">
		<Item>.*NULL.*</Item>
		<Item>.*RC4.*</Item>
		<Item>.*MD5.*</Item>
		<Item>.*DES.*</Item>
		<Item>.*DSS.*</Item>
	</Array>
</Set>

Include protocols

<Set name="IncludeProtocols">
	<Array type="java.lang.String">
		<Item>TLSv1.2</Item>
	</Array>
</Set>

Exclude protocols

<Set name="ExcludeProtocols">
	<Array type="java.lang.String">
		<Item>SSLv3</Item>
		<Item>TLSv1</Item>
		<Item>TLSv1.1</Item>
	</Array>
</Set>
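
The following is an added example, not part of the original post or of Jetty itself: it parses the three `<Set>` blocks above and reports which protocols and cipher suites they would leave enabled. It assumes each `<Item>` is a regular expression matched against the whole name and that excludes win over includes; the `<Configure>` wrapper, the sample suite list and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The three <Set> blocks from this page, wrapped in a constructed <Configure>
# root so they parse as one document.
CONFIG = """<Configure>
<Set name="ExcludeCipherSuites"><Array type="String">
  <Item>.*NULL.*</Item><Item>.*RC4.*</Item><Item>.*MD5.*</Item>
  <Item>.*DES.*</Item><Item>.*DSS.*</Item></Array></Set>
<Set name="IncludeProtocols"><Array type="java.lang.String">
  <Item>TLSv1.2</Item></Array></Set>
<Set name="ExcludeProtocols"><Array type="java.lang.String">
  <Item>SSLv3</Item><Item>TLSv1</Item><Item>TLSv1.1</Item></Array></Set>
</Configure>"""

# Constructed sample of JSSE-style names; a real JVM offers a different list.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]
SAMPLE_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

def patterns(root, name):
    """Return the <Item> values under <Set name=...>, or [] if absent."""
    node = root.find(f"./Set[@name='{name}']")
    return [i.text.strip() for i in node.iter("Item")] if node is not None else []

def select(supported, include, exclude):
    """Keep names matching an include (all if none given), then drop excludes."""
    def hit(pats, name):
        return any(re.fullmatch(p, name) for p in pats)
    kept = [s for s in supported if not include or hit(include, s)]
    return [s for s in kept if not hit(exclude, s)]

def audit(xml_text, suites, protocols):
    """Apply the include/exclude sets in xml_text to the supported names."""
    root = ET.fromstring(xml_text)
    return {
        "protocols": select(protocols, patterns(root, "IncludeProtocols"),
                            patterns(root, "ExcludeProtocols")),
        "ciphers": select(suites, patterns(root, "IncludeCipherSuites"),
                          patterns(root, "ExcludeCipherSuites")),
    }

if __name__ == "__main__":
    for kind, names in audit(CONFIG, SAMPLE_SUITES, SAMPLE_PROTOCOLS).items():
        print(kind, names)
```

In this constructed sample, `.*DES.*` also removes the 3DES suite, while the anonymous key-exchange suite passes the exclude list because none of the five patterns match its name.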

To verify the fix, refer to http://devopsunixandjava.com/sslscan-fast-ssltls-scanner/
